Mixture of solutions key for BCDR market


17 November 2014

Security and risk
“A cybercriminal has to go through multiple steps, the so-called kill chain, in order to successfully compromise a system. So there are multiple stages at which an attack can be blocked” NextGen Group: Lars Meyer

Security and risk management is an essential part of business continuity which is often overlooked. The Irish Information Security and Cybercrime Survey published by Deloitte in 2013 showed that 40% of Irish enterprises have experienced a breach with an average cost per organisation of over €135,000. Compared to the same report of 2012, the cost has more than tripled and these figures only present the known security breaches.

Besides the obvious financial and management changing impacts upon an organisation, there might soon be more severe legal implications as well. Germany and the Netherlands have recently implemented regulations which make it mandatory for enterprises to report any security breaches to the government. So it can be expected that such regulations will become EU law within the next two years which will make it mandatory for Irish businesses as well.

An investment in effective security technology to prevent cyberattacks is therefore by far the better and more cost-effective approach than hoping that nothing will happen. But what makes security technology effective and what is required to cope with the rapidly changing threat landscape and sophistication of attacks?

A cybercriminal has to go through multiple steps, the so-called kill chain, in order to successfully compromise a system. So there are multiple stages at which an attack can be blocked; however, the challenge is that no threat mitigation technique on its own provides 100% security. The SANS Institute, for instance, showed in its whitepaper “Beating the IPS” that every IPS system from any vendor can be evaded. So far enterprises have tried to tackle this task by implementing various independent security solutions like firewalls, web security gateways and endpoint antivirus. This, however, only created silos of security, as every system only looks at certain aspects of the communication and thereby misses the big picture, which makes it again relatively easy for cybercriminals to evade such a security solution.

An interesting approach for a sophisticated enterprise security solution which is capable of dealing with the rapidly changing threat landscape comes from Palo Alto Networks. It integrates network security and endpoint protection with a next-generation firewall that brings together the most effective threat prevention techniques into a single system to protect the network, while clients and servers are secured with an advanced endpoint protection solution which no longer relies on signatures.

Agility key
“With the advent of blended solutions incorporating some on premise and elements of cloud platforms, this is much more complex. This is where the gaps in documentation, process and testing can cause significant gaps in protection” Sureskills: Kevin Reid

With economic conditions improving and companies trying to position themselves to grow market share or enter new markets, the key to building capability is agility. This means the traditional capital expenditure model is not ideally suited and needs to be blended with cloud solutions to build capacity and functionality rapidly.

Traditional infrastructure and business system purchases had a long cycle and were well understood, including the need for protection locally and recovery in a DR or business continuity scenario. With the advent of blended solutions incorporating some on premise and elements of cloud platforms, this is much more complex. This is where the gaps in documentation, process and testing can cause significant gaps in protection. Even understanding the impact of an outage on a hybrid environment can be challenging.

Simple things like authentication sources or access rules can be overlooked in these solutions, so even if the platform is accessible when a partial or full failure occurs, it is not possible to use them. This is where the full dependency mapping and documentation is critical, along with the tested mechanisms to restore system functionality.

Incorporating these into a regular test suite for the DR and business continuity plans is essential to grow a sustainable and robust business platform. To achieve this, additional time and effort need to be built into the adoption of the platforms to allow this level of understanding and confidence in the recovery plans.

Easily adopted cloud platforms don’t always deliver simpler business continuity.

Cloud solution
“In planning for the unexpected, companies have to weigh the risk versus the cost of creating such a DRBC contingency plan. And make no mistake, there is no absolute answer” CloudStrong: David Waldron, Channel Partner Manager

Given the human tendency to look on the bright side, many organisations are prone to ignoring disaster recovery because a disaster seems an unlikely event. Business continuity planning suggests a more comprehensive approach to ensuring a business continues to make money. Cloud should be an obvious solution to an age-old problem; however, how can a business be sure they are getting a solution that suits their business needs? It is important that your SLA clearly spells out your requirements.

An example of this is the fast-paced uptake in the DaaS marketplace. An obvious assumption is that disaster recovery and business continuity measures come as standard! Perhaps the fine print of the SLA may be failover of switches, routers, power, firewall, within the data centre itself, but does it include replication of the O/S and all configurations such as the Chameleon cDaaS?

In planning for the unexpected, companies have to weigh the risk versus the cost of creating such a DRBC contingency plan. And make no mistake, there is no absolute answer. A simple backup may be a more than ample solution for some; for others this may just be the starting point. This is where business continuity may be overlooked. Organisations may feel the measures they have in place are adequate, but is this just what the marketplace is telling them, or has an actual risk assessment been completed? This is often where the breakdown occurs and unfortunately it’s only in the event of a disaster that the truth unfolds.

Simple questions
“Organisations develop over time and often this evolution, while slow, can be dramatic, so a business continuity strategy and plan which is out of date may be useless and give the organisation a significant feeling of security which is misplaced” Renaissance Contingency Services Ltd: Michael Conway

Business continuity is often misunderstood and often people are actually looking at DR. In each organisation the simple questions have to be asked: what are the key functions of the organisation which must be continued during and immediately following a major unscheduled business interruption?

The support plan and resources necessary to support this form the Business Continuity strategy and plan. There is normally a significant technology element but frequently that is where the plan starts and stops and it does not address the other elements, e.g. getting the orders out, stock, meeting compliance demands etc.

In Renaissance, we have developed methodologies following best international practice looking at the overall business continuity requirements of an organisation. We can look at organisations, whether they have a very mature or immature business continuity strategy and culture, and evaluate its appropriateness in the light of their current business and future requirements.

Frequently organisations run with something that was developed some time ago and is not fit for their current requirements. Organisations develop over time and often this evolution, while slow, can be dramatic, so a business continuity strategy and plan which is out of date may be useless and give the organisation a significant feeling of security which is misplaced.

Renaissance can review and exercise the plan, because if it is not exercised and tested it is likely to fail. We can then make appropriate recommendations and develop and manage the business continuity programme for our clients following international standards for this.


TechCentral.ie